Monday 17 August 2009

The security lessons from Britain's largest jewellery robbery

You may be wondering what a £40 million armed raid on a high-end jewellers' store in central London has to do with InfoSec.

Well, in the last few days it has been revealed that the robbers were caught on CCTV two days before the robbery, outside the shop 'checking things out'.

So what we had here is pre-planning. This is a common feature of theft of all kinds (including data theft); whilst opportunist crime does happen, it is the exception rather than the norm.

Now we are not judging this particular situation with hindsight, but there may have been a window for prevention. One possibility is that when they pulled up outside the shop two days before, the security guard could have approached them and asked something like "can I help you?". The simple act of engaging during the information-gathering or 'hostile reconnaissance' stage may have been enough to deter the attack. Their reaction to the question may also have raised the security guard's suspicion and prompted him to brief the other staff to be on the look-out for these men.

How does this relate to InfoSec? Create a positive culture of security understanding and ownership; check your logs proactively; set up rules and identify behaviour 'out of the norm'. Be proactive and follow up anything out of place in a timely manner. Engage your end-users, speak to them and encourage a culture of 'eyes and ears'. Help them understand the threats in plain English.
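Hostile reconnaissance against a website looks much like the men outside the shop: someone trying door handles before the real attempt. The script below is an added example (not part of the original post) of the "set up rules and identify behaviour out of the norm" advice applied to a web server's access log. It parses combined-format log lines, treats 404s and requests for well-known admin/backup paths as probes, and reports any client whose probe count is out of the norm. The log lines are constructed for the example, and the probe-path list and threshold are assumptions you would tune to your own site.

```python
"""Flag hostile reconnaissance in web-server access logs.

Added example, not code from the original post.  Scans Apache/Nginx
combined-format lines, counts per client IP the requests that look like
probing, and reports clients over a threshold so someone can follow up
in a timely manner.  Sample log lines, probe paths and threshold are
constructed/assumed for illustration.
"""
import re
from collections import defaultdict

# Combined log format: ip ident user [ts] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Paths legitimate visitors rarely request but scanners try by reflex (assumption).
PROBE_PATHS = ("/phpmyadmin", "/admin", "/.git/", "/wp-login.php", "/backup", "/.env")


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    return entry


def is_probe(entry):
    """A request counts as a probe if it 404s or targets a known scanner path."""
    path = entry["path"].lower()
    return entry["status"] == 404 or any(path.startswith(p) for p in PROBE_PATHS)


def find_recon(lines, threshold=5):
    """Return {ip: [probed paths]} for clients with >= threshold probes.

    A single 404 (a missing favicon, a stale bookmark) is normal; a run of
    them from one client is the 'out of the norm' behaviour worth a look.
    """
    probes = defaultdict(list)
    for line in lines:
        entry = parse_line(line)
        if entry and is_probe(entry):
            probes[entry["ip"]].append(entry["path"])
    return {ip: paths for ip, paths in probes.items() if len(paths) >= threshold}


# Constructed sample: one scanner (203.0.113.7) and one ordinary visitor.
SAMPLE_LOG = """
203.0.113.7 - - [15/Aug/2009:10:12:01 +0100] "GET /robots.txt HTTP/1.1" 200 64 "-" "Mozilla/5.0"
203.0.113.7 - - [15/Aug/2009:10:12:02 +0100] "GET /phpmyadmin/ HTTP/1.1" 404 213 "-" "Mozilla/5.0"
203.0.113.7 - - [15/Aug/2009:10:12:02 +0100] "GET /admin/ HTTP/1.1" 404 213 "-" "Mozilla/5.0"
203.0.113.7 - - [15/Aug/2009:10:12:03 +0100] "GET /.git/config HTTP/1.1" 404 213 "-" "Mozilla/5.0"
203.0.113.7 - - [15/Aug/2009:10:12:03 +0100] "GET /backup.zip HTTP/1.1" 404 213 "-" "Mozilla/5.0"
203.0.113.7 - - [15/Aug/2009:10:12:04 +0100] "GET /wp-login.php HTTP/1.1" 404 213 "-" "Mozilla/5.0"
203.0.113.7 - - [15/Aug/2009:10:12:04 +0100] "GET /.env HTTP/1.1" 404 213 "-" "Mozilla/5.0"
198.51.100.2 - - [15/Aug/2009:10:15:40 +0100] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.2 - - [15/Aug/2009:10:15:41 +0100] "GET /images/logo.png HTTP/1.1" 200 2048 "http://example.com/" "Mozilla/5.0"
198.51.100.2 - - [15/Aug/2009:10:15:55 +0100] "GET /favicon.ico HTTP/1.1" 404 213 "-" "Mozilla/5.0"
""".strip().splitlines()


if __name__ == "__main__":
    for ip, paths in find_recon(SAMPLE_LOG).items():
        print(f"{ip}: {len(paths)} probes, e.g. {paths[:3]}")
```

Run against the sample, it reports only 203.0.113.7 (six probes); the ordinary visitor's single missing favicon stays below the threshold. In practice you would feed it yesterday's log on a schedule and have someone actually look at the hits, which is the "follow up in a timely manner" part.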

Prevention is always better than reaction.


Labour MP and Dutch VIPs suffer website data leaks found by a Google search

In unconnected incidents there have been two recent cases of unprotected data being exposed by poor website administration.

These are both excellent examples of why you should employ independent third-party security testing for your website (and all your other security systems).

An untested security system gives a false sense of security.

Black Hat speaker shows how to use the memory in an Apple keyboard to create a hardware key-logger

K. Chen demonstrated at this year's Black Hat conference that he could use the spare memory in an Apple keyboard to run a rudimentary key-logging script. Whilst this is interesting, it is only really a proof of concept.

What is of far more concern are the hardware key-logging devices already on the market (pictured), which will record two years' typing for an average user. Because they sit in-line between the keyboard and the computer, they are invisible to anti-virus and host-based monitoring software and can only be found by a physical search of your keyboards and computers.

This is a device that costs around $70 and can create a very serious exposure. If you are concerned that your computers have never been checked for malicious hardware, contact FaberBrent for help.

How to be a Corporate Mole ...and how to spot one

OK, it is by no means a comprehensive guide, but the thing we found interesting is that this kind of role is becoming part of the public landscape.

Published by eHow (along with how to do just about everything else in an amateur, half-arsed fashion)... probably a bit harsh; there is some good stuff in there (we just wouldn't advise risking your job or your life on their spying advice).